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DETAILED ACTION 

1 . Claims 1 -64 have been examined. 

Claim Rejections - 35 USC §102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2 ) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 1-24 are rejected under 35 U.S.C. 102(e) as being anticipated by Berson et al. 
U.S. Pat. No. 7051 199 (hereinafter Berson). 

4. As per claim 1, Berson discloses a cryptographic key server suitable for providing 
cryptographic services to remote devices coupled to said cryptographic key server via a network 
(Berson: column 3 lines 3-5), said cryptographic key server comprising: a secure network 
interface engine executing on said cryptographic key server (Berson: column 5 lines 44-67; 
column 9 lines 40-50), said secure network interface engine operable: to establish a secure 
network communication channel with at least one remote device (Berson: column 3 lines 5-8: 
establish secure channel); to unmarshal secured cryptographic service requests received from 
said at least one remote device (Berson: column 10 lines 14-21); and to marshal and transmit 
secure cryptographic service responses to said at least one remote device (Berson: column 10 
lines 14-21); and a cryptographic service engine executing on said cryptographic key server, said 
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cryptographic service engine being in bi-directional communication with said secure network 
interface engine, said cryptographic service engine operable to provide cryptographic services 
requested by said at least one remote device via said secure network interface engine (Berson: 
column 3 lines 14-26: providing cryptographic services), wherein said cryptographic service 
requests comprise input data to be transformed; at least one unique identifier for identifying at 
least one key for performing the transformation; and instructions for how the cryptographic 
service engine should transform the data (Berson: column 10 lines 40-57). 

5. As per claim 2, Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses wherein said at least one device is an application server (Berson: 
column 12 lines 46-63: the request can be generated from any computing mechanism). 

6. As per claim 3. Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses wherein said secure network interface engine is arranged such that said 
secure network communication channel is established according to a Secure Socket Layer (SSL) 
protocol (Berson: column 3 lines 5-8: secure tunnel; column 1 1 lines 34-36). 

7. As per claim 4, Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses wherein said secure network interface engine is arranged such that said 
secure network communication channel is established according to a Transport Layer Security 
(TLS) protocol (Berson: column 3 lines 5-8). 
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8. As per claim 5, Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses wherein said secure network interface engine supports multiple 
communications protocols including a Secure Socket Layer (SSL) protocol and a Transport 
Layer Security (TLS) protocol, said secure network interface engine being responsive to said at 
least one device to establish said secure network communication channel according to a protocol 
selected by said at least one device (Berson: column 3 lines 5-8: establishing tunnel between two 
devices allows secure communication between them based on well known communication 
protocols). 

9. As per claim 6, Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses wherein said cryptographic service engine and said secure network 
interface engine are components of a single process executing on said cryptographic key server 
(Berson: column 9 lines 40-60). 

10. As per claim 7, Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses wherein said cryptographic service engine is operable to perform 
encryption and decryption functions (Berson: column 6 lines 59-66). 

11. As per claim 8, Berson discloses the cryptographic key server as recited in claim 7. 
Berson further discloses wherein said encryption and decryption functions comprise: symmetric 
block ciphers; generic cipher modes; stream cipher modes; public-key cryptography; padding 
schemes for public-key systems; key agreement schemes; elliptic curve cryptography; one-way 



Application/Control Number: 1 0/5 1 9,239 Page 5 

Art Unit: 2431 

hash functions; message authentication codes; cipher constructions based on hash functions; 
pseudo random number generators; password based key derivation functions; Shamir's secret 
sharing scheme and Rabin's information dispersal algorithm (IDA); DEFLATE (RFC 1951) 
compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support; fast 
multi-precision integer (bignum) and polynomial operations; finite field arithmetic, including 
GF(p) and GF(2.sup.n); and prime number generation and verification (Berson: column 5 lines 
44-67; column 6 lines 44-67). 

12. As per claim 9, Berson discloses the cryptographic key server as recited in claim 7. 
Berson further discloses wherein said encryption and decryption functions comprise: DES, 
3DES, AES, RSA, DSA, ECC, RC6, MARS, Twofish, Serpent, CAST-256, DESX, RC2, RC5, 
Blowfish, Diamond2, TEA, SAFER, 3-WAY, Gost, SHARK, CAST- 128, Square, Shipjack, 
ECB, CBC, CTS, CFB, OFB, counter mode(CTR), Panama, ARC4, SEAL, WAKE, Wake-OFB, 
Blumblumshub, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin- Williams (RW), LUC, 
LUCELG, DLIES (variants of DHAES), ESIGN padding schemes for public-key systems: 
PKCS#1 v2.0, OAEP, PS SR, IEE P1363 EMSA2, Diffie-Hellman (DH), Unified Diffie- 
Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH, ECDSA, ECNR, ECIES, 
ECDH, ECMQV, SHA1, MD2, MD4, MD5, HAVAL, RIPEMD-160, Tiger, SHA-2 (SHA-256, 
SHA-384, and SHA-512), Panama, MD5-MAC, HMAC, XOR-MAC, CBC-MAC, DM AC, 
Luby-Rackoff, MDC, ANSI X9.17 appendix C, PGP's RandPool, PBKDF1 and PBKDF2 from 
PKCS #5 (Berson: column 5 lines 44-67; column 6 lines 44-67). 
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13. As per claim 10, Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses wherein said cryptographic service engine is operable to perform 
signing and verifying functions (Berson: column 8 lines 17-55). 

14. As per claim 11, Berson discloses the cryptographic key server as recited in claim 10. 
Berson further discloses wherein said signing and verifying operations includes RSA and DSA 
(Bersson: column 8 lines 17-55). 

15. As per claim 12, Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses wherein said cryptographic service engine is operable to perform 
hashing operations (Berson: column 5 lines 44-67). 

16. As per claim 13, Berson discloses the cryptographic key server as recited in claim 10. 
Berson further discloses wherein said hashing operations includes HMAC with SHA-1 (Berson: 
column 6 lines 44-67). 

17. As per claim 14, Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses wherein said cryptographic service engine is further operable to 
authenticate and to determine authorization of a request for cryptographic services prior to and as 
a condition of performing said cryptographic services (Berson: column 8 lines 36-55). 
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18. As per claim 15, Berson discloses the cryptographic key server as recited in claim 14. 
Berson further discloses wherein authenticating a request for cryptographic services includes 
verifying an identity of one or more of a set comprising: a client that is requesting for 
cryptographic services; said at least one remote device from which said client requesting for 
cryptographic services; a function or program that is executing on said at least one remote device 
(Berson: column 8 lines 36-55). 

19. As per claim 16, Berson discloses the cryptographic key server as recited in claim 14. 
Berson further discloses wherein determining authorization of a request for cryptographic 
services includes determining authorization privileges granted to one or more of a set 
comprising: a client that is requesting for cryptographic services; said at least one remote device 
from which said client requesting for cryptographic services; a function or program that is 
executing on said at least one remote device (Berson: column 8 lines 36-55). 

20. As per claim 17, Berson discloses the cryptographic key server as recited in claim 16. 
Berson further discloses wherein the operation of determining authorization a request for 
cryptographic services further includes determining whether said request for cryptographic 
services is within the privileges of a requestor that is associated with said request for 
cryptographic services (Berson: column 8 lines 36-55). 
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21. As per claim 18, Berson discloses cryptographic key server as recited in claim 1 . Berson 
further discloses wherein said cryptographic service engine is operable to track requests for 
cryptographic services (Berson: column 16 lines 48-61). 

22. As per claim 19, Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses said cryptographic key server further comprising: a private key engine, 
said private key engine operable to provide private keys for use by said cryptographic service 
engine in performing cryptographic services (Berson: column 10 lines 5-13: key may be stored in 
database/private key engine). 

23. As per claim 20, Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses wherein said cryptographic key server is a network security appliance 
(Berson: column 8 lines 58-67). 

24. As per claim 2 1 , Berson discloses the cryptographic key server as recited in claim 1 . 
Berson further discloses wherein said cryptographic key server has a computer hardware 
architecture supporting said cryptographic service engine and said secure network interface 
engine, said computer hardware architecture comprising: a databus; a central processing unit bi- 
directionally coupled to said databus; a persistent storage device bi-directionally coupled to said 
databus; a transient storage device bi-directionally coupled to said databus; a network I/O device 
bi-directionally coupled to said databus; a cryptographic accelerator card bi-directionally coupled 
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to said databus; a hardware security module bi-directionally coupled to said databus and suitable 
for storing private keys; and a smart card interface device (Berson: column 6 lines 44-67). 

25 . As per claim 22, Berson discloses the cryptographic key server as recited in claim 2 1 . 
Berson further discloses wherein said hardware security module is a tamper resistant device 
(Berson: column 6 lines 44-67). 

26. As per claim 23, Berson discloses the cryptographic key server as recited in claim 21 . 
Berson further discloses wherein said private keys arc loaded into said hardware security module 
and stored in an encrypted format (Berson: column 3 lines 14-21). 

27. As per claim 24, Berson discloses the cryptographic key server as recited in claim 21 . 
Berson further discloses wherein said private keys are loaded into said hardware security module 
via a smart card storing said encrypted private keys (Berson: column 6 lines 44-67). 

Claim Rejections - 35 USC §103 

28. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

29. Claims 25-64 are rejected under 35 U.S.C. 103(a) as being unpatentable over Berson. 
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30. As per claim 25, Berson discloses the cryptographic key server as claim 24. Berson does 
not explicitly disclose applying secret sharing scheme for cryptographic service. However, it 
would have been obvious to one having ordinary skill in the art to use secret sharing 
cryptographic scheme when multiple clients interface with a security server for cryptographic 
communication. Therefore, it would have been obvious to one having ordinary skill in the art at 
the time of applicant's invention to incorporate secret sharing scheme because it enhances the 
security of cryptographic keys. 

31. As per claim 26-64, claims 26-64 encompass the same or similar scope as claims 1-25. 
Therefore, claims 26-53 are rejected based on the same reason set forth above in rejecting claims 
1-25. 

Response to Arguments 

32. Applicant's arguments with respect to claims 1-64 have been considered but are moot in 
view of the new ground(s) of rejection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SHIN-HON CHEN whose telephone number is (571)272-3789. 
The examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William R. Korzuch can be reached on (571) 272-7589. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Shin-Hon Chen 
Primary Examiner 
Art Unit 2431 

/Shin-Hon Chen/ 

Primary Examiner, Art Unit 243 1 



